
Bugtraq: by date
470 messages starting Dec 01 04 and ending Dec 31 04
Wednesday, 01 December
Disclosure of file system information in Mozilla Firefox and Opera Browser:Giovanni Delvecchio
Invision Power Board 'Allow auto login' setting overrideHillel Himovich
Re: Winamp - Buffer Overflow In IN_CDDA.dllBlack Dot
SUSE Security Announcement: various kernel problems (SUSE-SA:2004:042)Marcus Meissner
Re: Pi3Web/2.0.0 File-Disclosure/Path Disclosure vulnHolger Zimmermann
[CLA-2004:904] Conectiva Security Announcement - cyrus-imapdConectiva Updates
Multiple buffer overflows exist in Mercury/32, v4.01a, Dec 8 2003.Reed Arvin
[SECURITY] [DSA 603-1] New openssl packages fix insecure temporary file creationMartin Schulze
[USN-35-1] imagemagick vulnerabilitiesMartin Pitt
[USN-36-1] NFS statd vulnerabilityMartin Pitt
[USN-33-1] libgd vulnerabilitiesMartin Pitt
[ GLSA 200411-37 ] Open DC Hub: Remote code executionLuke Macken
[CLA-2004:902] Conectiva Security Announcement - abiwordConectiva Updates
[USN-34-1] OpenSSH information leakageMartin Pitt
Thursday, 02 December
[KA Advisory 0411291] IPCop Cross Site Scripting Vulnerability in "proxylog.dat"Kurczaba Associates advisories
Cisco Security Advisory: Cisco CNS Network Registrar Denial of Service VulnerabilityCisco Systems Product Security Incident Response Team
rssh and scponly arbitrary command executionJason Wies
Blog Torrent preview 0.8 - arbitary file downloadSteve Kemp
[USN-37-1] cyrus21-imapd vulnerabilityMartin Pitt
Official IFRAME patch - make sure it installs correctlyBerend-Jan Wever
Multiple vulnerabilities in Kreed 1.05Luigi Auriemma
Remote Mercury32 Imap exploitJohnH
[CLA-2004:905] Conectiva Security Announcement - squirrelmailConectiva Updates
Re: Disclosure of file system information in Mozilla Firefox and Opera Browser:Liu Die Yu
FreeBSD Security Advisory FreeBSD-SA-04:17.procfsFreeBSD Security Advisories
Advanced GuestbookEmile van Elen
Friday, 03 December
[SECURITY] [DSA 604-1] New hpsockd packages fix denial of serviceMartin Schulze
[ GLSA 200412-01 ] rssh, scponly: Unrestricted command executionThierry Carrez
Saturday, 04 December
Opera 7.54 vulnerabilities again (still unfixed)Marc Schoenefeld
Monday, 06 December
[ GLSA 200412-02 ] PDFlib: Multiple overflows in the included TIFF libraryLuke Macken
Hosting Controllermouse small
[SECURITY] [DSA 605-1] New viewcvs packages fix information leakMartin Schulze
Winamp - Buffer Overflow In IN_CDDA.dll [ Patch Released ]Brett Moore
Multiple vulnerabilities in w3who ISAPI DLLNicolas Gregoire
Re: Advanced GuestbookSpy Hat
DoS leading to crash of client in Remote Execute 2.30headpimp
Web Application Security Consortium 'Guest Articles' Call for Papersrobert
Tuesday, 07 December
Tool Announcement: AIRT -- the Advanced Incident Response Tool (linux)madsys
RE: Disclosure of file system information in Mozilla Firefox and Opera Browser:Thor Larholm
Local root exploit on Mac OS X with Adobe Version Cuefintler
MaxDB WebTools <= 7.5.00.18 buffer overflow and Denial of ServiceEvgeny Demidov
[ GLSA 200412-05 ] mirrorselect: Insecure temporary file creationLuke Macken
Broadcast client crash in Battlefield 1942 1.6.19 and Vietnam 1.2Luigi Auriemma
MDKSA-2004:142 - Updated gzip packages fix temporary file vulnerabilityMandrake Linux Security Team
Multiple Vulnerabilities in paFileDB 3.1Ahmad Muammar
Online Script DecoderGreyMagic Security
Remote Web Server Text File Viewing Vulnerability in WebLibs 1.0John Bissell
MD5 To Be Considered Harmful SomedayDan Kaminsky
Re: Local root exploit on Mac OS X with Adobe Version CueChet Ramey
MDKSA-2004:143 - Updated ImageMagick packages fix vulnerabilityMandrake Linux Security Team
Bypass personal firewall application protection . Again.offtopic
Cleartext SMB passwords in Novell Desktop Linux using KDEMike DeMaria
7a69Adv#16 - Konqueror FTP command injectionAlbert Puigsech Galicia
zone transfers, a spammer's dream?Lode Vermeiren
Re: Online Script DecoderStefan Paletta
Re: [Advisory] Mozilla Products Remote Crash VulnerabilityBerend-Jan Wever
Re: MD5 To Be Considered Harmful SomedayGandalf The White
IE6 Vulnerability - Local File DetectionViPeR
MDKSA-2004:147 - Updated openssl packages fix temporary file vulnerabilityMandrake Linux Security Team
MDKSA-2004:145 - Updated rp-pppoe packages fix vulnerabilityMandrake Linux Security Team
[ GLSA 200412-04 ] Perl: Insecure temporary file creationLuke Macken
MDKSA-2004:146 - Updated nfs-utils packages fix remote DoS vulnerabilityMandrake Linux Security Team
[Advisory] Mozilla Products Remote Crash VulnerabilityNiek van der Maas
MDKSA-2004:144 - Updated lvm1 packages fix temporary file vulnerabilityMandrake Linux Security Team
[ GLSA 200412-03 ] imlib: Buffer overflows in image decodingThierry Carrez
Wednesday, 08 December
Re: [Full-Disclosure] Multiple vulnerabilities in w3who ISAPI DLLNicolas Gregoire
MD5 To Be Considered Harmful TodayPavel Machek
[SECURITY] [DSA 606-1] New nfs-utils packages fix denial of serviceMartin Schulze
Re: MDKSA-2004:145 - Updated rp-pppoe packages fix vulnerabilityDavid F. Skoll
Re: MD5 To Be Considered Harmful SomedayTim
Re: 7a69Adv#16 - Konqueror FTP command injectionAlbert Puigsech Galicia
Re: Bypass personal firewall application protection . Again.Chris Paget
Address Bar Spoophing for the Pheeshies: IntotheNet Explorer 6http-equiv () excite com
Re: MD5 To Be Considered Harmful SomedayJoel Maslak
RE: MD5 To Be Considered Harmful SomedayRager, Anton (Anton)
Re: MD5 To Be Considered Harmful SomedayJoel Maslak
7a69Adv#15 - Internet Explorer FTP command injectionAlbert Puigsech Galicia
Re: MD5 To Be Considered Harmful SomedayGandalf The White
RE: MD5 To Be Considered Harmful SomedayDavid Schwartz
Re: MD5 To Be Considered Harmful SomedayKeith Oxenrider
Re: MD5 To Be Considered Harmful SomedayJack Lloyd
Re: MD5 To Be Considered Harmful SomedayDragos Ruiu
Re: MD5 To Be Considered Harmful SomedayJack Lloyd
Re: MD5 To Be Considered Harmful SomedayDan Kaminsky
Re: MD5 To Be Considered Harmful SomedayRuth A. Kramer
Re: MD5 To Be Considered Harmful SomedayDan Kaminsky
Re: MD5 To Be Considered Harmful SomedayPaul Wouters
Re: MD5 To Be Considered Harmful SomedayGeorge Georgalis
Re: MD5 To Be Considered Harmful SomedayPaul Wouters
Re: MD5 To Be Considered Harmful SomedaySolar Designer
Re: MD5 To Be Considered Harmful SomedayDan Kaminsky
Re: MD5 To Be Considered Harmful SomedaySteve Friedl
Re: IE6 Vulnerability - Local File DetectionRSnake
Re: MD5 To Be Considered Harmful SomedayDavid F. Skoll
Re: MD5 To Be Considered Harmful TodayDan Kaminsky
Re: MD5 To Be Considered Harmful TodayPavel Machek
Re: MD5 To Be Considered Harmful TodayDan Kaminsky
Thursday, 09 December
TSLSA-2004-0064 - nfs-utilsTrustix Security Advisor
KDE Security Advisory: plain text password exposureDirk Mueller
KDE Security Advisory: kfax libtiff vulnerabilitiesDirk Mueller
Re: MD5 To Be Considered Harmful SomedayAdam Shostack
Re: MD5 To Be Considered Harmful SomedayPavel Kankovsky
F-Secure Policy Manager - physical path disclosureoliver
Re: Multiple Vulnerabilities in paFileDB 3.1Rafael San Miguel Carrasco
Friday, 10 December
CodeCon CFP deadline nearingLen Sassaman
wget: Arbitrary file overwriting/appending/creating and other vulnerabilitiesJan Minar
In-game buffer-overflow in the Gamespy cd-key validation SDKLuigi Auriemma
[SECURITY] [DSA 607-1] New libxpm packages fix several vulnerabilitiesMartin Schulze
HOW TO BREAK XP SP2 POPUP BLOCKER: kick it in the nut !http-equiv () excite com
Saturday, 11 December
Local off-by-one in mtr versions 0.55 to 0.65venglin
Monday, 13 December
Re: MD5 To Be Considered Harmful SomedaySolar Designer
SugarSales Multiple VulnerabilitiesDaniel Fabian
Citadel/UX <= v6.27 Remote Format String VulnerabilityCoKi
Gadu-Gadu several vulnerabilitiesJaroslaw Sajko
Multiple vulnerabilities in phpMyAdminNicolas Gregoire
MS IE User's Authentication Details (userid/password) Sharing IssueDebasis Mohanty
KDE Security Advisory: Konqueror Window Injection VulnerabilityWaldo Bastian
iDEFENSE Security Advisory 12.13.04 - Multiple Vendor xzgv PRF Parsing Integer Overflow Vulnerabilitycustomer service mailbox
[ZH2004-19SA] Possible execution of remote shell commands in Opera with kfmclienGiovanni Delvecchio
Winamp 5.07 (latest version) Remote Crash + other stupid shizleb0f www . b0f . net
Socket unreacheable in the Lithtech engine (new protocol)Luigi Auriemma
RE: zone transfers, a spammer's dream?Marcin Pacyna
[ GLSA 200412-07 ] file: Arbitrary code executionMatthias Geerdsen
NetWare Screensaver Authentication Bypass From The Local ConsoleAdam Gray
[ GLSA 200412-06 ] PHProjekt: setup.php vulnerabilityThierry Carrez
Secure Network Operations SNOsoft Research Team [SRT2004-12-14-0322] Symantec LiveUpdate AdvisorySecure Network Operations, Inc.
What's "may have exploitable buffer overflows" mean in tcpdump?Dragos Ruiu
Tuesday, 14 December
Linux kernel IGMP vulnerabilitiesPaul Starzetz
phpBB Attachment Mod Directory Traversal HTTP POST InjectionPaul Laudanski
Re: Secure Network Operations SNOsoft Research Team [SRT2004-12-14-0322] Symantec LiveUpdate Advisorysecure
Linux kernel scm_send local DoSPaul Starzetz
Re: [Full-Disclosure] [HV-LOW] Symantec LiveUpdate issues may cause DoSDan Margolis
[ZH2004-18SA] Content-Type spoofing in Mozilla Firefox and Opera could allow users to bypass security restrictionsGiovanni Delvecchio
iDEFENSE Security Advisory 12.14.04 - Adobe Acrobat Reader 5.0.9 mailListIsPdf() Buffer Overflow Vulnerabilitycustomer service mailbox
MDKSA-2004:148 - Updated iproute2 packages fix temporary file vulnerabilityMandrake Linux Security Team
[SECURITY] [DSA 609-1] New atari800 packages fix local root exploitMartin Schulze
ASP Calendar Vulnerability <www.ashiyane.com>ali reza AcTiOnSpIdEr
[CAN-2004-1022] Insecure Credential Storage on Kerio SoftwareSecure Computer Group
Re: Citadel/UX <= v6.27 Remote Format String VulnerabilityMichael Hampton
RICOH Aficio 450/455 PCL 5e Printer ICMP DOS vulnerabilityHongzhen Zhou
Possible local root vulnerability in Roxio Toast on Mac OS Xfintler
STG Security Advisory: [SSA-20041209-13] UseModWiki XSS vulnerabilityadvisory
[SECURITY] [DSA 608-1] New zgv packages fix arbitrary code executionMartin Schulze
[ GLSA 200412-08 ] nfs-utils: Multiple remote vulnerabilitiesLuke Macken
[CAN-2004-1023] Insecure default file system permissions on Microsoft versions of Kerio SoftwareSecure Computer Group
MDKSA-2004:149 - Updated postgresql packages fix temporary file vulnerabilityMandrake Linux Security Team
ASP-rider is vulnerable to sql injection attackshervin khaleghjou
iDEFENSE Security Advisory 12.13.04: Adobe Reader 6.0 .ETD File Format String Vulnerabilitycustomer service mailbox
Re: NetWare Screensaver Authentication Bypass From The Local ConsoleBrad Bendily
Re: Linux kernel IGMP vulnerabilitiesPekka Savola
iDEFENSE Security Advisory 12.14.04 - Microsoft Word 6.0/95 Document Converter Buffer Overflow Vulnerabilitycustomer service mailbox
[Correction For]: Secure Network Operations SNOsoft Research Team [SRT2004-12-14-0322] Symantec LiveUpdate AdvisorySecure Network Operations, Inc.
[USN-38-1] Linux kernel vulnerabilitiesMartin Pitt
Wednesday, 15 December
HyperTerminal - Buffer Overflow In .ht FileBrett Moore
Multiple phpGroupWare Vulnerabilities [ phpGroupWare 0.9.16.003 && Earlier ]GulfTech Security
Asante FM2008 10/100 Ethernet switch backdoor loginJoe Philipps
Hotmail Cross-Site Scripting Vulnerability #1Rafel Ivgi
Hotmail Cross Site Scripting Vulnerability #2Rafel Ivgi
Yahoo! Mail Cross-Site Scripting VulnerabilityRafel Ivgi
Re: RICOH Aficio 450/455 PCL 5e Printer ICMP DOS vulnerabilityHongzhen Zhou
*nix data wipe toolsThomas C. Greene
3cdaemon tftp server DOS vulnerabilityWang Ning
Re: rpcl_icmpdos.cx90c
[ GLSA 200412-09 ] ncpfs: Buffer overflow in ncplogin and ncpmapThierry Carrez
Re: Linux kernel scm_send local DoSeven multiplexed
Re: Linux kernel scm_send local DoSPaul Starzetz
MSIE DHTML Edit Control Cross Site Scripting VulnerabilityPaul
[OpenPKG-SA-2004.052] OpenPKG Security Advisory (vim)OpenPKG
STG Security Advisory: [SSA-20041214-14] GNUBoard PHP injection vulnerabilityadvisory
[ GLSA 200412-10 ] Vim, gVim: Vulnerable options in modelinesThierry Carrez
Security Advisory for CVS SlashJamie McCarthy
Advisory 01/2004: Multiple vulnerabilities in PHP 4/5Stefan Esser
Cisco Security Advisory: Default Administrative Password in Cisco Guard and Traffic Anomaly DetectorCisco Systems Product Security Incident Response Team
Re: Linux kernel IGMP vulnerabilitiesPaul Starzetz
iwebnegar is vulnerable to all kind of sql injectionsshervin khaleghjou
Cisco Security Advisory: Cisco Unity Integrated with Exchange Has Default PasswordsCisco Systems Product Security Incident Response Team
STG Security Advisory: [SSA-20041215-15] Vulnerability of uploading files with multiple extensions in MoniWikiadvisory
CSS in phpBB 1.4.4SandI]
Re: Linux kernel scm_send local DoSeven multiplexed
Re: Linux kernel IGMP vulnerabilitiesstephen joseph butler
php unserializeMartin Eiszner
Re: Linux kernel scm_send local DoSgadgeteer
MDKSA-2004:150 - Updated kdelibs and kdebase packages fix vulnerabilityMandrake Linux Security Team
RE: CSS in phpBB 1.4.4Paul Owen
Re: Linux kernel IGMP vulnerabilitiesmatthew-bugtraq
Thursday, 16 December
Re: php unserializeStefan Esser
iDEFENSE Security Advisory 12.15.04: Computer Associates eTrust EZ Antivirus Insecure File Permission Vulnerabilitycustomer service mailbox
[SAMBA] CAN-2004-1154 : Integer overflow could lead to remote code execution in Samba 2.x, 3.0.x <= 3.0.9Gerald Carter
STG Security Advisory: [SSA-20041215-17] Vulnerability of uploading files with multiple extensions in JSBoardadvisory
STG Security Advisory: [SSA-20041215-18] Vulnerability of uploading files with multiple extensions in phpBB Attachment Modadvisory
[MaxPatrol] SQL-injection in Ikonboard 3.1.xAlexander Anisimov
STG Security Advisory: [SSA-20041215-19] Vulnerability of uploading files with multiple extensions in MediaWikiadvisory
Multiple XSS Vulnerabilities in Wordpress 1.2.1Thomas Waldegger
DJB's students release 44 *nix software vulnerability advisoriesThor Larholm
PHP Input Validation VulnerabilitiesDaniel Fabian
Re: [ GLSA 200412-10 ] Vim, gVim: Vulnerable options in modelinesAlexey I. Froloff
iDEFENSE Security Advisory 12.16.04: Samba smbd Security Descriptor Integer Overflow VulnerabilityiDEFENSE Security Advisory
iDEFENSE Security Advisory 12.16.04: Veritas Backup Exec Agent Browser Registration Request Buffer Overflow VulnerabilityiDEFENSE Security Advisory
iDEFENSE Security Advisory 12.16.04: MPlayer Remote RTSP Heap Overflow VulnerabilityiDEFENSE Security Advisory
[USN-39-1] Linux amd64 kernel vulnerabilityMartin Pitt
[USN-40-1] PHP vulnerabilitiesMartin Pitt
iDEFENSE Security Advisory 12.16.04: MPlayer MMST Streaming Stack Overflow VulnerabilityiDEFENSE Security Advisory
Yahoo! Mail Cross-Site Scripting VulnerabilityRafel Ivgi, The-Insider
iDEFENSE Security Advisory 12.16.04: MPlayer Bitmap Parsing Remote Heap Overflow VulnerabilityiDEFENSE Security Advisory
Hotmail Cross-Site Scripting Vulnerability #2Rafel Ivgi, The-Insider
Hotmail Cross-Site Scripting Vulnerability #1Rafel Ivgi, The-Insider
Discussion: Microsoft(R) PowerPoint "Action Settings" feature allows invocation of default browser pointed at arbitrary URL.Monte Ratzlaff
[OpenPKG-SA-2004.053] OpenPKG Security Advisory (php)OpenPKG
[ GLSA 200412-11 ] Cscope: Insecure creation of temporary filesLuke Macken
[SIG^2 G-TEC] singapore Image Gallery Web Application v0.9.10 Multiple Vulnerabilitieschewkeong
Re: *nix data wipe toolsDavid Cannings
RE: STG Security Advisory: [SSA-20041215-17] Vulnerability of uploading files with multiple extensions in JSBoardRichard Stanway
RE: Linux kernel IGMP vulnerabilitiesWolfpaw - Dale Corse
Friday, 17 December
Unchecked returns from kernel_read() in linux-2.6.10-rc2 kernelKatrina Tsipenyuk
Re: DJB's students release 44 *nix software vulnerability advisoriesCrispin Cowan
RE: Linux kernel IGMP vulnerabilitiesJirka Kosina
[OpenPKG-SA-2004.054] OpenPKG Security Advisory (samba)OpenPKG
Gadu-Gadu, another two bugsJaroslaw Sajko
NetBSD Security Advisory 2004-010: Insufficient argument validation in compat codeNetBSD Security-Officer
phphpbb2 + php version < 4.3.10 unserialize() memory dump sql password from config.php exploitbad boy
[ GLSA 200412-12 ] Adobe Acrobat Reader: Buffer overflow vulnerabilityLuke Macken
Re: *nix data wipe toolsWietse Venema
4 Vulnerabilities in GamePortamoXi Devilkin
Re: *nix data wipe toolsThomas C. Greene
Re: DJB's students release 44 *nix software vulnerability advisoriescees-bart
Re: iDEFENSE Security Advisory 12.16.04: MPlayer MMST Streaming Stack Overflow VulnerabilityHideki Yamane
Re: DJB's students release 44 *nix software vulnerability advisoriessecurity curmudgeon
NetBSD kernel local vulnerabilitiesEvgeny Demidov
4 Vulnerabilities in GamePortamoXi Devilkin
[OpenPKG-SA-2004.056] OpenPKG Security Advisory (cvstrac)OpenPKG
Re: *nix data wipe toolsCasper . Dik
Internet Explorer Code Execution Bypass Vulnerabilityaikon none
[SECURITY] [DSA 610-1] New cscope packages fix insecure temporary file creationMartin Schulze
Bug in Crypt::ECB perl moduleBennett R. Samowich
Re: *nix data wipe toolsGeorge Georgalis
[ GLSA 200412-13 ] Samba: Integer overflowSune Kloppenborg Jeppesen
Sunday, 19 December
Multiple Vulnerabilities In Kayako eSupport v2.xGulfTech Security
Re: DJB's students release 44 *nix software vulnerability advisoriesD. J. Bernstein
MS Windows Media Player 9 Vulns (2)Arman Nayyeri
Monday, 20 December
MDKSA-2004:151 - Updated php packages fix multiple vulnerabilitiesMandrake Linux Security Team
Re: Patch available for multiple critical flaws in OracleMarc Bejarano
Re: DJB's students release 44 *nix software vulnerability advisoriesJulian T J Midgley
[USN-41-1] Samba vulnerabilityMartin Pitt
[SECURITY] [DSA 611-1] New htget packages fix arbitrary code executionMartin Schulze
Security Bulletin SSRT4687 rev.0 HP-UX newgrp(1) local privilege elevationBoren, Rich (SSRT)
[ GLSA 200412-14 ] PHP: Multiple vulnerabilitiesThierry Carrez
AIX 5.1/5.2/5.3 local root exploitscees-bart
PHP shmop.c module permits write of arbitrary memory.Stefano Di Paola
TSLSA-2004-0066 - multiTrustix Security Advisor
TSLSA-2004-0068 - kernelTrustix Security Advisor
[ GLSA 200412-15 ] Ethereal: Multiple vulnerabilitiesSune Kloppenborg Jeppesen
Crystal FTP Pro Client Buffer OverflowLuca Ercoli
Windows Explorer TGA CrashBill
KDE Security Advisory: Konqueror Java VulnerabilityWaldo Bastian
Re: Internet Explorer Code Execution Bypass Vulnerabilitycmthemc
UPDATE: [ GLSA 200410-12 ] WordPress: HTTP response splitting and XSS vulnerabilitiesLuke Macken
Exploit for Ultrix 4.5 dxtermKristoffer Brånemyr
[ GLSA 200412-16 ] kdelibs, kdebase: Multiple vulnerabilitiesSune Kloppenborg Jeppesen
Internet Explorer Help ActiveX Control Local Zone Security Restriction Bypass Vulnerability (updated)Paul
[ GLSA 200412-17 ] kfax: Multiple overflows in the included TIFF librarySune Kloppenborg Jeppesen
[ GLSA 200412-20 ] NASM: Buffer overflow vulnerabilityLuke Macken
[ GLSA 200412-18 ] abcm2ps: Buffer overflow vulnerabilityLuke Macken
[ GLSA 200412-21 ] MPlayer: Multiple overflowsThierry Carrez
[USN-42-1] Xine library vulnerabilitiesMartin Pitt
[Full-Disclosure] [ GLSA 200412-19 ] phpMyAdmin: Multiple vulnerabilitiesSune Kloppenborg Jeppesen
Re: Gadu-Gadu, another two bugsPrzemyslaw Frasunek
Re: DJB's students release 44 *nix software vulnerability advisoriesMarcin Owsiany
Gadu-Gadu Remote DoS (all versions)Maciej Soltysiak
[SECURITY] [DSA 612-1] New a2ps packages fix arbitrary command executionMartin Schulze
MDKSA-2004:153 - Updated aspell packages fix vulnerabilityMandrake Linux Security Team
MDKSA-2004:152 - Updated ethereal packages fix multiple vulnerabilitiesMandrake Linux Security Team
Updated: TSLSA-2004-0068 - kernelTrustix Security Advisor
[USN-43-1] groff utility vulnerabilitiesMartin Pitt
Re: [Full-Disclosure] Re: Gadu-Gadu, another two bugsMaciej Soltysiak
MITKRB5-SA-2004-004: heap overflow in libkadm5srvTom Yu
Tuesday, 21 December
TSLSA-2004-0069 - kerberos5Trustix Security Advisor
[SECURITY] [DSA 614-1] New xzgv packages fix arbitrary code executionMartin Schulze
Re: AIX 5.1/5.2/5.3 local root exploits (diag issue)Shiva Persaud
phpBB WormShannon Lee
Xprobe 0.2.1 Releasedbugtraq
Re: DJB's students release 44 *nix software vulnerability advisoriesJonathan T Rockway
Re: DJB's students release 44 *nix software vulnerability advisoriesmilw0rm Inc.
SUSE Security Announcement: various kernel problems (SUSE-SA:2004:044)Marcus Meissner
Re: DJB's students release 44 *nix software vulnerability advisoriesArtem Chuprina
Re: DJB's students release 44 *nix software vulnerability advisoriesDave Holland
Re: DJB's students release 44 *nix software vulnerability advisoriesAntoine Martin
Re: DJB's students release 44 *nix software vulnerability advisoriesThor
Re: phpBB WormRaymond Dijkxhoorn
iDEFENSE Security Advisory 12.21.04: Multiple Vendor xpdf PDF Viewer Buffer Overflow Vulnerabilitycustomer service mailbox
iDEFENSE Security Advisory 12.21.04: Multiple Vendor Xine version 0.99.2 PNM Handler Negative Read Length Heap Overflow Vulnerabilitycustomer service mailbox
iDEFENSE Security Advisory 12.21.04: Multiple Vendor Xine version 0.99.2 PNM Handler PNA_TAG Heap Overflow Vulnerabilitycustomer service mailbox
iDEFENSE Security Advisory 12.21.04: libtiff Directory Entry Count Integer Overflow Vulnerabilitycustomer service mailbox
Re: DJB's students release 44 *nix software vulnerability advisoriesStephen Samuel
iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerabilitycustomer service mailbox
iDEFENSE Security Advisory 12.21.04: Hewlett Packard HP-UX ftpd Remote Buffer Overflow Vulnerabilitycustomer service mailbox
Re: Wordpress 1.2.2 is still vulnerableThomas Waldegger
RE: DJB's students release 44 *nix software vulnerability advisoriesDevin Ganger
Re: Windows Explorer TGA Crash is a DoS bug in Internet Explorer.Berend-Jan Wever
Re: DJB's students release 44 *nix software vulnerability advisoriesDavid F. Skoll
WebWorm using PHPBB vulnerability in the wild!Niki Denev
Re: AIX 5.1/5.2/5.3 local root exploits (paginit issue)Shiva Persaud
RE: phpBB WormPaul Kurczaba
[SECURITY] [DSA 613-1] New ethereal packages fix denial of serviceMartin Schulze
Re: DJB's students release 44 *nix software vulnerability advisorieslaffer1
Re: DJB's students release 44 *nix software vulnerability advisoriesStephen Harris
Re: Windows Explorer TGA Crash is a DoS bug in Internet Explorer.Berend-Jan Wever
Re: DJB's students release 44 *nix software vulnerability advisoriesRaymond M. Reskusich
Wednesday, 22 December
SUSE Security Announcement: samba (SUSE-SA:2004:045)Sebastian Krahmer
[SECURITY] [DSA 615-1] New debmake package fixes insecure temporary directoriesMartin Schulze
Local versus remote security holesD. J. Bernstein
MDKSA-2004:154 - Updated kdelibs packages fix multiple vulnerabilityMandrake Linux Security Team
Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow VulnerabilityDmitry V. Levin
Sybase ASE 12.5.2 vulnerabilitiesNGSSoftware Insight Security Research
Re: DJB's students release 44 *nix software vulnerability advisoriesD. J. Bernstein
Re: DJB's students release 44 *nix software vulnerability advisoriesJonathan Rockway
Re: DJB's students release 44 *nix software vulnerability advisoriesChris Paget
MDKSA-2004:156 - Updated krb5 packages fix buffer overflow vulnerabilityMandrake Linux Security Team
Re: DJB's students release 44 *nix software vulnerability advisoriesJonathan Rockway
Re: phpBB WormSebastian Wiesinger
Re: phpBB WormAlexander Klimov
malware effecting broadband users in IsraelGadi Evron
Java Runtime Environment Remote Denial-of-Service (DoS) VulnerabilityMarc Schoenefeld
Re: DJB's students release 44 *nix software vulnerability advisoriesValdis . Kletnieks
Re: phpBB Wormycw1bh302
Re: Local versus remote security holesAdam Shostack
possible local exploit via sendmail with procmail on solarisMichael Barnes
Re: DJB's students release 44 *nix software vulnerability advisoriesSteven M. Christey
Permission problem in Skype BETA for linuxPeter Conrad
PHP v4.3.x exploit for Windows.The Warlock
Re: DJB's students release 44 *nix software vulnerability advisoriesDavid Eisner
Re: DJB's students release 44 *nix software vulnerability advisoriesSteven M. Christey
Realone2.0 "pnxr3260.dll" Lets Remote Users IE Browser CrashWei Li
[ GLSA 200412-23 ] Zwiki: XSS vulnerabilityLuke Macken
Re: DJB's students release 44 *nix software vulnerability advisoriesCasper . Dik
RE: DJB's students release 44 *nix software vulnerability advisoriesManning, Robert (Mission Systems)
Re: DJB's students release 44 *nix software vulnerability advisoriesCrispin Cowan
stick with "anonymous" or "authenticated" when describing attacksJonathan G. Lampe
MDKSA-2004:155 - Updated logcheck packages fix temporary file vulnerabilityMandrake Linux Security Team
Webmin BruteForce + Command execution - By Di42lo <DiAblo_2 () 012 net il>amit sides
MDKSA-2004:157 - Updated mplayer packages fix multiple vulnerabilitiesMandrake Linux Security Team
Re: DJB's students release 44 *nix software vulnerability advisoriesJack Lloyd
2Bgal : 2.4 & 2.5.1 SQL injection Vulnerabilityzib zib
Security Advisory for ALL forum services with client-set imagesJames Bandara
SUSE Security Announcement: kernel local privilege escalation (SUSE-SA:2004:046)Marcus Meissner
Re: WebWorm using PHPBB vulnerability in the wild!Nick Johnson
Re: DJB's students release 44 *nix software vulnerability advisoriessean
Thursday, 23 December
Oracle Trigger Abuse (#NISR2122004I)NGSSoftware Insight Security Research
Oracle clear text passwords (#NISR2122004D)NGSSoftware Insight Security Research
Oracle ISQLPlus file access vulnerability (#NISR2122004E)NGSSoftware Insight Security Research
Oracle Character Conversion Bugs (#NISR2122004G)NGSSoftware Insight Security Research
Oracle extproc buffer overflow (#NISR23122004A)NGSSoftware Insight Security Research
Oracle extproc directory traversal (#NISR23122004B)NGSSoftware Insight Security Research
Oracle extproc local command execution (#NISR23122004C)NGSSoftware Insight Security Research
IBM DB2 generate_distfile buffer overflow vulnerability (#NISR2122004L)NGSSoftware Insight Security Research
Oracle TNS Listener DoS (#NISR2122004F)NGSSoftware Insight Security Research
Oracle wrapped procedure overflow (#NISR2122004J)NGSSoftware Insight Security Research
Oracle multiple PL/SQL injection vulnerabilities (#NISR2122004H)NGSSoftware Insight Security Research
[OpenPKG-SA-2004.055] OpenPKG Security Advisory (gettext)OpenPKG
IBM DB2 rec2xml buffer overflow vulnerability (#NISR2122004J)NGSSoftware Insight Security Research
[SECURITY] [DSA 616-1] New telnetd-ssl packages fix arbitrary code executionMartin Schulze
Microsoft Windows Kernel ANI File Parsing Crash and DOS Vulnerabilityflashsky fangxing
Microsoft Windows LoadImage API Integer Buffer overflowflashsky fangxing
Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow VulnerabilityMoritz Muehlenhoff
SHOUTcast remote format string vulnerabilityDamian Put
Re: phpBB WormAlvin Packard
Crystal FTP Pro 2.8 PoCcybertronic
[USN-47-1] Linux kernel vulnerabilitiesMartin Pitt
Cross Site Scripting In PsychoStats 2.2.4 Beta && EarlierGulfTech Security
Re: phpBB WormAnders Henke
Re: stick with "anonymous" or "authenticated" when describingSteven M. Christey
Re: Linux kernel scm_send local DoSPavel Kankovsky
Re: DJB's students release 44 *nix software vulnerability advisoriesMichal Zalewski
RE: DJB's students release 44 *nix software vulnerability advisoriesPalmer, Paul (ISSAtlanta)
Re: DJB's students release 44 *nix software vulnerability advisoriesD. J. Bernstein
Re: Security Advisory for ALL forum services with client-set imagesStefan Paletta
Re: DJB's students release 44 *nix software vulnerability advisoriesCrispin Cowan
Inexcusable weakness in Kmail / GnuPGThomas C. Greene
Re: [webmin-l] Re: Webmin BruteForce + Command execution - By Di42lo <DiAblo_2 () 012 net il>Jamie Cameron
Re: phpBB WormWilliam Geoghegan
Re: DJB's students release 44 *nix software vulnerability advisoriesCrispin Cowan
Microsoft Windows winhlp32.exe Heap Overflow Vulnerabilityflashsky fangxing
RE: Local versus remote security holesDavid Brodbeck
RE: Crystal FTP Pro 2.8 PoCcybertronic
[USN-48-1] xpdf, tetex-bin vulnerabilitiesMartin Pitt
[USN-49-1] debmake vulnerabilityMartin Pitt
[USN-51-1] teTeX auxiliary script vulnerabilityMartin Pitt
[USN-52-1] vim vulnerabilityMartin Pitt
RE: phpBB WormOfer Shezaf
[ Security Bulletin ] SSRT4699 rev.0 HP-UX SAM local privilege increaseBoren, Rich (SSRT)
WPkontakt message parsing errorJaroslaw Sajko
[Security Bulletin] SSRT4867 rev.0 Netscape Directory Server on HP-UX LDAP remote buffer overflowBoren, Rich (SSRT)
[Security Bulletin] SSRT4876 rev.0 HP Tru64 UNIX SWS (Apache) Secure Web Server RemoteBoren, Rich (SSRT)
Linux 2.6 Kernel Capability LSM Module Local Privilege Elevationflashsky fangxing
Re: [Full-Disclosure] Re: Linux kernel scm_send local DoSValdis . Kletnieks
Re: Security Advisory for ALL forum services with client-set imagesTim Jackson
[Security Bulletin] SSRT4883 rev.3 HP-UX ftp and ftpd remote unauthorized accessBoren, Rich (SSRT)
[USN-50-1] CUPS vulnerabilitiesMartin Pitt
Re: phpBB WormAnders Henke
[Security Bulletin] SSRT4696 rev.0 - HP Tru64 UNIX TCP Stack Remote Denial of Service (DoS)Boren, Rich (SSRT)
Re: Webmin BruteForce + Command execution - By Di42lo <DiAblo_2 () 012 net il>Martin Mewes
Re: possible local exploit via sendmail with procmail on solarisJeff Damens
raptor's xmas pack 2004Marco Ivaldi
Friday, 24 December
[SECURITY] [DSA 618-1] New imlib packages fix arbitrary code executionMartin Schulze
[SECURITY] [DSA 617-1] New libtiff packages fix arbitrary code executionMartin Schulze
Re: DJB's students release 44 *nix software vulnerability advisoriesCrispin Cowan
Re: DJB's students release 44 *nix software vulnerability advisoriesDavid Wagner
Re: phpBB Wormsteve
Re: [USN-52-1] vim vulnerabilityLiu Die Yu
STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoardadvisory
Re: Inexcusable weakness in Kmail / GnuPGSimple Nomad
XSS in yacy 0.31Donato Ferrante
Final Call for Papers & Workshops - BCS Asia 2005Anthony.zboralski
Re: phpBB WormRaymond Dijkxhoorn
Saturday, 25 December
Re: phpBB WormZeljko Brajdic
CleanCache v2.19: False Sense of SecurityWBG Links
New Santy-Worm attacks *all* PHP-skriptsJuergen Schmidt
new phpBB worm affects 2.0.11Herman Sheremetyev
New Winhlp32.exe vulnbad_son
PHPBB worm in actionColin Keith
RE: phpBB WormChris Ess
Re: Microsoft Windows LoadImage API Integer Buffer overflowBrett Glass
Re: New Santy-Worm attacks *all* PHP-skripts ( Santy.c ? )K-OTiK Security
Microsoft Internet Explorer SP2 Fully Automated Remote CompromisePaul
Tuesday, 28 December
Multiple Vulnerabilities in MoodleBartek Nowotarski
MDKSA-2004:158 - Updated samba packages fix integer overflow vulnerabilitiesMandrake Linux Security Team
possible error in latest NGS realplayer advisoryMarc Bejarano
Did a 16-bit counter overflow shut down Comair?Richard M. Smith
Multiple WHM Autopilot VulnerabilitiesGulfTech Security
Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow VulnerabilityMarcus Meissner
Remote code execution with parameters without user interaction, even with XP SP2ShredderSub7 SecExpert
[HAT-SQUAD] NetCat Remote Critical Vulnerability, Poc includedHat-Squad Security Team
Netcat v1.11 For Windows , New fixed versionHat-Squad Security Team
XSA-2004-7: stack overflow in AIFF demultiplexerMichael Roitzsch
Re: [HAT-SQUAD] NetCat Remote Critical Vulnerability, Poc includedChris Wysopal
KDE Security Advisory: kpdf Buffer Overflow VulnerabilityDirk Mueller
Re: Microsoft Windows LoadImage API Integer Buffer overflowBerend-Jan Wever
Wednesday, 29 December
php-Calendar File Include Vulnerability [ Command Exec ]GulfTech Security
QNX crrtrap arbitrary file read/write vulnerability [RLSA_06-2004]Julio Cesar Fort
Sanity Worm ConceptsAndy Fewtrell
Re: Did a 16-bit counter overflow shut down Comair?Mike Nice
Re: Did a 16-bit counter overflow shut down Comair?Avleen Vig
[CLA-2004:909] Conectiva Security Announcement - netpbmConectiva Updates
[ GLSA 200412-25 ] CUPS: Multiple vulnerabilitiesThierry Carrez
[ GLSA 200412-26 ] ViewCVS: Information leak and XSS vulnerabilitiesThierry Carrez
[ GLSA 200412-24 ] Xpdf, GPdf: New integer overflowsThierry Carrez
Heap overflow in Mozilla Browser <= 1.7.3 NNTP code.Maurycy Prodeus
Thursday, 30 December
[SECURITY] [DSA 620-1] New perl packages fix several vulnerabilitiesMartin Schulze
MDKSA-2004:160 - Updated kdelibs packages fix konqueror email vulnerabilityMandrake Linux Security Team
MDKSA-2004:161 - Updated xpdf packages fix buffer overflow vulnerabilityMandrake Linux Security Team
KorWeblog php injection VulnerabilityMin-sung Choi
NetCat V 1.11 Multiple BugsCorryL
[SECURITY] [DSA 619-1] New xpdf packages fix arbitrary code executionMartin Schulze
MDKSA-2004:164 - Updated cups packages fix buffer overflow vulnerabilityMandrake Linux Security Team
MDKSA-2004:159 - Updated glibc packages fix temporary file vulnerabilityMandrake Linux Security Team
Strange Java Loaderduffbeer
MDKSA-2004:163 - Updated kdegraphics packages fix buffer overflow vulnerabilityMandrake Linux Security Team
MDKSA-2004:165 - Updated koffice packages fix multiple vulnerabilitiesMandrake Linux Security Team
Re: Strange Java Loader (not so strange - Trojan.ByteVerify)K-OTiK Security
MDKSA-2004:162 - Updated gpdf packages fix buffer overflow vulnerabilityMandrake Linux Security Team
Re: Multiple Vulnerabilities in MoodleMartin Dougiamas
Re: Sanity Worm ConceptsPaul Laudanski
MDKSA-2004:166 - Updated tetex packages fix multiple vulnerabilitiesMandrake Linux Security Team
Friday, 31 December
SQL Injection Vulnerability In IBProArcademike bailey
[EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoChouseofdabus HOD
ArGoSoft FTP Server reveals valid usernames and allows for brute force attackssteven
Re: [EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoCAlberto Garcia Hierro
[SECURITY] [DSA 621-1] New CUPS packages fix arbitrary code executionMartin Schulze
Cross Site Scripting DOS (Zyxel B-420 Ethernet Bridge)beniwiedmer
WHM AutoPilot Security Release [ Plus Upgrade Instructions ]GulfTech Security
Re: [EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoCSteve Friedl
